package com.javasm.controller;

import com.javasm.annotation.Permission;
import com.javasm.domain.AuthenConstant;
import com.javasm.domain.LoginUser;
import com.javasm.domain.ResponseResult;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * @Author：MoDebing
 * @Version：1.0
 * @Date：2022-09-01-16:33
 * @Description:
 */
@RestController
@RequestMapping
@Slf4j
public class HelloController {

    // 赋予权限，其实就是调用了一个方法，返回布尔类型的值，true允许访问，false则无权限访问\
    // 在方法拦截之前进行权限验证
    //@PreAuthorize("hasAuthority('test')")

    // 在方法之后进行权限认证
    //@PostAuthorize()

    // 自定义鉴权注解，这个注解的意思是拥有system:vip:list权限才可以访问
    @Permission(authentication = AuthenConstant.VIP)
    @RequestMapping("/user/hello")
    public String hello(){
        return "hello";
    }

    @Permission(authentication = {AuthenConstant.NORMAL,AuthenConstant.VIP})
    @GetMapping("/user/getUserInfo")
    public String getUserInfo(){
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        LoginUser loginUser = (LoginUser) authentication.getPrincipal();
        return loginUser.toString();
    }

    @GetMapping("/user/deleteUser")
    public ResponseResult delete(){
        log.debug("删除用户");
        return new ResponseResult(200,"删除成功");
    }

    //@Permission(authentication = {AuthenConstant.ALL})
    @PostMapping("testCors")
    public ResponseResult testCors(){
        return new ResponseResult(200,"testCors");
    }
    
}
